CVE-2022-23121 — Vulnetix

CVE-2022-23121 PUBLISHED CVSS 9.800000190734863 CRITICAL

De multiples vulnérabilités ont été découvertes dans Synology DSM et SRM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

EPSS 16.82% · 95.1th percentile

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

16.82%

95.1th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	10.0, 11.0
Synology	SRM
Netatalk	Netatalk	3.1.12
netatalk	netatalk	0
Synology	DSM

Timeline

Aug 30, 2022 CVE Published
Mar 29, 2023 EPSS Score
Apr 4, 2023 EPSS Score
May 7, 2023 EPSS Score
May 17, 2023 EPSS Score
Sep 22, 2023 EPSS Score
Apr 3, 2024 EPSS Score
Apr 29, 2024 EPSS Score
Jul 2, 2024 EPSS Score
Sep 7, 2024 EPSS Score
Nov 2, 2024 EPSS Score
Nov 16, 2024 EPSS Score

References

https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html url
https://www.zerodayinitiative.com/advisories/ZDI-22-527/ url
[debian-lts-announce] 20230516 [SECURITY] [DLA 3426-1] netatalk security update mailing-list
[debian-lts-announce] 20230601 [SECURITY] [DLA 3426-2] netatalk regression update mailing-list
DSA-5503 vendor-advisory
GLSA-202311-02 vendor-advisory
https://www.kb.cert.org/vuls/id/709991 url
https://nvd.nist.gov/vuln/detail/CVE-2022-23121 advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-527 url
https://www.synology.com/fr-fr/security/advisory/Synology_SA_22_06 advisory

Open in Interactive Console →